
Cisco’s AON: Jeeves in a router or a box of evils?

Cisco's latest contribution to the networked world

By an odd coincidence, the latest SANS Top 20 Vulnerabilities list warns that attackers are broadening their focus, looking for exploits against network devices as well as operating systems and applications. Cisco makes the top 20, along with Juniper, CheckPoint and Symantec. As well as six critical vulnerabilities affecting Cisco’s IOS in the last year, SANS identifies five in non-IOS-based Cisco products. (For details, see SANS and The Register, passim).

The known weaknesses of IOS do not necessarily affect AON, because AON modules themselves do not run IOS. However, the route processor or switch supervisor – which sits between the AON blade modules and the network – is IOS-based. Anyway, if source code can be stolen wholesale (as it was last year), attackers could subject even new software to a rigorous search for exploitable flaws.

More broadly, there is a risk that security could be prejudiced if a giant networking supplier like Cisco vertically integrates functions like XML security and routing. Besides, the more successful Cisco is, the more of a monoculture it will create – giving attackers a standard set of targets, more or less like Windows. Imagine a single subverted router, sending carefully modified packets to servers, PCs, other AON routers…

The second issue with AON is that it gives Cisco what some may consider an unfair advantage over its competitors. As the market leader, it is well placed to dictate de-facto standards – just as Microsoft does – which might shut out other suppliers from the new segment. Soon, customers would find they have a choice between buying “dumb routers” from any of a hundred vendors, or “smart Cisco routers” from… well, Cisco. Even if someone else made a living selling smart routers, they probably wouldn’t be AON-compatible.

So far, so bad. But things get rapidly worse. We have all benefited from the flat-rate access, content-neutral model of the Internet. We sling bits into the big dumb pipes, which magically rematerialize them somewhere – anywhere – else, without caring in the least what they represent.

Meanwhile, all sorts of smart servers at the network edge do clever stuff with those bits. They might encode email, files, Web pages, XML messages, movies, music, or whatever we like. But as David Isenberg recently pointed out in VON magazine, telcos and cablecos hate the “fat, dumb pipes” model and would love to be able to discriminate between different kinds of traffic. Just think: they could recognize every single VoIP packet and charge the conversation at standard phone service rates, instead of having to pass it on unrecognized. Before we know it, we could be back in the AOL/Compuserve universe – paying extra for every piece of information and every “special” service.

The same issue is at the heart of a Slashdot discussion about some ideas floated by BellSouth CTO William L Smith. For instance, Smith told reporters that BellSouth should be able “to charge Yahoo Inc. for the opportunity to have its search site load faster than that of Google Inc.”

Or, still more provocatively, “his company should be allowed to charge a rival voice-over-internet firm so that its services can operate with the same quality as BellSouth’s offering”. Note the careful wording, which stops just short of suggesting that if a VoIP supplier didn’t pay up, its services might suffer a regrettable quality accident. After all, there would be no need to degrade the non-payer’s QoS – all the other companies that did pay would see to that by simply crowding its traffic out.

Cisco may have rendered moot the long-running argument about whether to run Web services over HTTP, JMS, or something else. Just run ‘em over Cisco… The question everybody has to ask is whether AON is Cisco’s bid (not the first, either) to “embrace, extend, and extinguish” (or at least domesticate) the internet as we know and love it. ®
